Messages

1

23.7 Legacy Series / Re: Disable packet filtering for specific LAN

« on: December 12, 2023, 10:42:59 am »

Can you post the make and model of the device along with what exactly is being blocked?  A network diagram and your fw rules would be helpful as well.

The device is a TV Box which is SVI Cloud 3s. It's a HK based TV Box. My network diagram is Modem -> OPN Sense Router -> Switches/Access Point -> PC/TV Box

My firewall rules is Block Inbound All and default firewall rules. That's all. Nothing complicated.

I try to diagnose by looking Firewall - Diagnostics - States. I found nothing that block it. I have move the TV Box to different interface just to simplify the searching.

I try to disable Suricata but no helps also. I found out that there is a lot of malware alert trigger.

2

23.7 Legacy Series / Re: Disable packet filtering for specific LAN

« on: November 28, 2023, 03:20:00 am »

Is there a DNS filter active? Some filter lists will block Smart TV requests...

How to check is the DNS filter active?

My unbound don't have block list.

3

23.7 Legacy Series / Re: Disable packet filtering for specific LAN

« on: November 28, 2023, 03:03:49 am »

The live firewall diagnostics page should also tell you what ports are being blocked.  It sounds like you're using something other than the default LAN interface for this tv box so it will only have access to what you give it.

Im using default LAN port. I suspect my ISP block it since i try Firewall diagnostic but didn't found anything that block it.

4

23.7 Legacy Series / Re: Disable packet filtering for specific LAN

« on: November 27, 2023, 11:02:11 am »

Is there a DNS filter active? Some filter lists will block Smart TV requests...

How to check is the DNS filter active?

5

23.7 Legacy Series / Re: Disable packet filtering for specific LAN

« on: November 27, 2023, 10:55:00 am »

Both of you suggestion make sense. Let me dig into it and let you know in coming days.

6

23.7 Legacy Series / Re: Disable packet filtering for specific LAN

« on: November 27, 2023, 03:12:07 am »

I notice the TV box cannot connect to its server when launching the app. It say network connection failed.

7

23.7 Legacy Series / Disable packet filtering for specific LAN

« on: November 26, 2023, 05:14:51 am »

Dear forumer, I had a TV box which some contents are block by opnsense firewall. Can we disable firewall for certain IP. If yes, how to do it?

Can we whitelist the server ip?

8

22.1 Legacy Series / Re: Method to secure root account

« on: June 03, 2022, 04:03:14 am »

How to disable root login on console?

9

Intrusion Detection and Prevention / Re: Suricata IPS Mode

« on: May 30, 2022, 10:07:18 am »

Anyone willing to pin point what is the problem?? Please help. Thanks.

10

22.1 Legacy Series / Re: Method to secure root account

« on: May 30, 2022, 09:19:27 am »

Yes, I had secured the serial console but I want further harden the serial console with sudo or 2FA. It makes the intruder harder to gain root access to the console.

11

Intrusion Detection and Prevention / Suricata IPS Mode

« on: May 27, 2022, 04:29:34 am »

Dear All,

I had configure the suricata in ips mode using netmap Intel NIC igb driver but I can't seems to have drop/block tab on the Web UI.

I cannot download the ET Pro rules, it takes few hours but still cannot finished download the rules. What is the problem?

Hope someone can enlighten on this.

12

22.1 Legacy Series / Re: Non bootable Image

« on: May 17, 2022, 03:12:37 am »

Yes, I able to boot pfsense iso and other iso, just cannot boot dd opnsense ISO.

Please help. Thanks.

13

Intrusion Detection and Prevention / Suricata IPS Mode Ruleset

« on: May 14, 2022, 01:54:30 am »

Dear All,
I switch from pfsense to Opnsense since it i more secure but i want to enable Suricata mode as IPS. My interface card is igb0 and igb1. I will disable the hw checksum offloading, hw TCP Seg offloading and HW Large Receive offloading in order for IPS to operate properly.

Questions:
What rules set should i register?
Where to get the rule set like in Snort we have Oinkcode?

I don't mind paying for closed source rule set but please point me to a right direction.

Appreciate your help. A billion thanks for your help.

14

22.1 Legacy Series / Re: Non bootable Image

« on: May 14, 2022, 01:46:56 am »

Anyone can help me. I really want to try out Opnsense firewall. Appreciate it. A billion thanks in advance.

15

22.1 Legacy Series / Non bootable Image

« on: May 13, 2022, 04:39:36 am »

Dear All,

I had downloaded latest opnsense from official mirror but when I burn it into USB it say missing partition table then when try to boot it doesn't appear on the boot list at BIOS.

I burn opnsense using balena etcher software in Fedora. I extract the bzip2 file using command bzip2 in Fedora.

What have I doing wrong here? Any suggestion? Appreciate your help. Thanks.